CVE-2025-52645

LOW

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.

Title source: cna

Description

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Scores

CVSS v3 1.9

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-345

Status published

Products (2)

HCL/AION 2.0

hcltech/aion 2.0 - 2.1.2

Published Mar 16, 2026

Tracked Since Mar 16, 2026